8225104

Data Access Security

Published: July 17, 2012
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method for securing a computer, comprising: determining a user group associated with a user of the computer; considering code evidence indicating a trustworthiness of code on which a process executed on the computer by the user is based; computing an initial permissions set for the process responsive to the code evidence, the user group, and a security policy; applying the initial permissions set to the process; receiving a request from the process having the initial permissions set to access data, the request including location information comprising a uniform resource locator (URL) indicating a location of the requested data; considering data evidence indicating a trustworthiness of the requested data based on the location of the requested data, wherein requested data from different locations have different levels of trustworthiness; computing an effective permissions set for the process responsive to the code evidence, the user group, the data evidence and the security policy, wherein the effective permissions set is a subset of the initial permissions set; applying the effective permissions set to the process for the data access; and restoring the initial permissions set to the process responsive to completion of the data access.

2. The method of claim 1, wherein considering data evidence comprises: analyzing the requested data to ascertain the data's trustworthiness.

3. The method of claim 1, wherein considering code evidence comprises determining capabilities of the code, different capabilities of the code having different levels of trustworthiness.

4. The method of claim 1, wherein computing an effective permissions set for the process comprises: assigning the requested data to a data group based on the requested data's trustworthiness; and selecting an effective permissions set for the process from among a plurality of permissions sets described by the security policy responsive to the assigned data group.

5. A system for securing a computer, comprising: a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for: determining a user group associated with a user of the computer; considering code evidence indicating a trustworthiness of code on which a process executed on the computer by the user is based; considering data evidence indicating a trustworthiness of data requested by the process, the request from the process including location information comprising a uniform resource locator (URL) indicating a location of the requested data and the consideration of data evidence based on the location of the requested data, wherein data from different locations have different levels of trustworthiness; computing an initial permissions set responsive to the code evidence, the user group, and a security policy, applying the initial permissions set to the process, receiving a request from the process having the initial permissions set to access data, and computing an effective permissions set for the process responsive to the code evidence, the user group, the data evidence and the security policy, wherein the effective permissions set is a subset of the initial permissions set; and applying the effective permissions set to the process for the data access and restoring the initial permissions set to the process responsive to completion of the data access; and a processor for executing the computer program instructions.

6. The system of claim 5, wherein considering data evidence further comprises: analyzing the requested data to ascertain the data's trustworthiness.

7. The system of claim 5, wherein considering code evidence comprises determining capabilities of the code, different capabilities of the code having different levels of trustworthiness.

8. The system of claim 5, wherein computing an initial permissions set further comprises: assigning the requested data to a data group based on the requested data's trustworthiness; and selecting an effective permissions set for the process from among a plurality of permissions sets described by the security policy responsive to the assigned data group.

9. A non-transitory computer-readable storage medium having executable computer program instructions recorded thereon for securing a computer, the executable computer program instructions comprising instructions for: determining a user group associated with a user of the computer; considering code evidence indicating a trustworthiness of code on which a process executed on the computer by the user is based; considering data evidence indicating a trustworthiness of data requested by the process, the request from the process including location information comprising a uniform resource locator (URL) indicating a location of the requested data and the consideration of data evidence based on the location of the requested data, wherein data from different locations have different levels of trustworthiness; computing an initial permissions set responsive to the code evidence, the user group, and a security policy, applying the initial permissions set to the process, receiving a request from the process having the initial permissions set to access data, and computing an effective permissions set for the process responsive to the code evidence, the user group, the data evidence and the security policy, wherein the effective permissions set is a subset of the initial permissions set; and applying the effective permissions set to the process for the data access and restoring the initial permissions set to the process responsive to completion of the data access.

10. The computer-readable storage medium of claim 9, wherein considering data evidence further comprises: analyzing the requested data to ascertain the data's trustworthiness.

11. The computer-readable storage medium of claim 9, wherein considering code evidence comprises determining capabilities of the code, different capabilities of the code having different levels of trustworthiness.

12. The computer-readable storage medium of claim 9, wherein computing an initial permissions set further comprises: assigning the requested data to a data group based on the requested data's trustworthiness; and selecting an effective permissions set for the process from among a plurality of permissions sets described by the security policy responsive to the assigned data group.

13. A non-transitory computer-readable storage medium having executable computer program instructions recorded thereon for generating a data file usable by managed code executing within an execution environment of a computer, the executable computer program instructions comprising instructions for: determining a user group associated with a user of the computer, considering code evidence indicating a trustworthiness of code on which a process executed within the execution environment by the user is based, considering data evidence in the data file responsive to the process executing within the execution environment requesting access to the data file, the data evidence indicating a trustworthiness of the requested data, the request from the process including location information comprising a uniform resource locator (URL) indicating a location of the requested data and the consideration of data evidence based on the location of the requested data, wherein data from different locations have different levels of trustworthiness, computing an initial permissions set responsive to the code evidence, the user group, and a security policy, apply the initial permissions set to the process, receive a request from the process having the initial permissions set to access data, and compute an effective permissions set for the process responsive to the code evidence, the user group, the data evidence and the security policy, wherein the effective permissions set is a subset of the initial permissions set, and applying the effective permissions set to the process for the data access and restore the initial permissions set to the process responsive to completion of the data access; incorporating the data evidence into the data file.

14. A non-transitory computer-readable storage medium having executable computer program instructions recorded thereon for securing a computer, the executable computer program instructions comprising instructions for: determining a user group associated with a user of the computer; considering code evidence indicating a trustworthiness of a process executed on the computer by the user; computing a first effective permissions set for the process responsive to the code evidence, the user group, and a security policy; applying the first effective permissions set to the process; responsive to receiving a request from the process to access data, considering data evidence indicating a trustworthiness of the data for which the process is requesting access, the request from the process including location information comprising a uniform resource locator (URL) indicating a location of the requested data and the consideration of data evidence based on the location of the requested data, wherein data from different locations have different levels of trustworthiness; computing a second effective permissions set for the process responsive to the data evidence, the user group, and the security policy, wherein the second effective permissions set is a subset of the first effective permissions set; applying the second effective permissions set to the process; allowing the process to perform the requested data access while the second effective permissions set is applied to the process; and applying the first effective permissions set to the process responsive to a completion of the requested data access.

15. The computer-readable storage medium of claim 14, wherein the first effective permissions set is applied to the process responsive to a specified duration of time after completion of the requested data access elapsing.

16. The method of claim 1, further comprising: determining a format in which the requested data are encoded; inferring a source of the requested data based on the format of the data; and considering data evidence indicating a trustworthiness of the requested data based on the source of the requested data, wherein requested data from different sources have different levels of trustworthiness.

17. The method of claim 1, wherein the location information indicates whether the requested data are stored locally or remotely from the computer, and wherein requested data stored locally have a different level of trustworthiness than requested data stored remotely.
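The permission flow recited in claims 1, 4 and 17, modelled as an added example (this is not code from the patent or its assignee). The policy contents, group names, permission strings and the `.corp.example` suffix are all hypothetical; the point is that the effective set is an intersection with the initial set, so it can only narrow, and that the initial set is restored when the access completes.

```python
from contextlib import contextmanager
from urllib.parse import urlsplit

# Constructed security policy: every name and permission string is hypothetical.
POLICY = {
    "initial": {  # (user group, code evidence) -> initial permissions set
        ("staff", "signed"): {"read", "write", "network", "exec"},
        ("staff", "unsigned"): {"read", "write"},
        ("guest", "signed"): {"read"},
    },
    "data_groups": {  # data group -> most a process may hold while touching it
        "local": {"read", "write", "network", "exec"},
        "intranet": {"read", "write", "network"},
        "remote": {"read"},
    },
    "intranet_suffix": ".corp.example",
}

def data_group(url):
    """Assign requested data to a data group from its URL (the data evidence)."""
    parts = urlsplit(url)
    if parts.scheme == "file" and not parts.netloc:
        return "local"
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and host.endswith(POLICY["intranet_suffix"]):
        return "intranet"
    return "remote"  # anything unrecognised falls into the least-trusted group

class Process:
    def __init__(self, user_group, code_evidence):
        # Unknown (group, evidence) pairs receive no permissions at all.
        granted = POLICY["initial"].get((user_group, code_evidence), ())
        self.initial = frozenset(granted)
        self.permissions = self.initial

    def effective_for(self, url):
        # Intersection guarantees a subset of the initial permissions set.
        return self.initial & POLICY["data_groups"][data_group(url)]

    @contextmanager
    def access(self, url):
        self.permissions = self.effective_for(url)
        try:
            yield self.permissions
        finally:  # restore even if the data access raises
            self.permissions = self.initial
```

Classifying on the parsed hostname rather than on a substring of the URL keeps a host such as `wiki.corp.example.attacker.test` out of the intranet group.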

Patent Metadata

Filing Date

Unknown

Publication Date

July 17, 2012

Inventors

Sourabh Satish

Cite as: Patentable. “DATA ACCESS SECURITY” (8225104). https://patentable.app/patents/8225104